This blog is a personal book on Security/ IDM related thoughts/opinions.
The blog posts are a personal opinion only and neither reflect the views of current/past employers nor any OTHER person living/dead on this planet.


Friday, March 9, 2012

Open Source and Security Response

We live in a very interesting world. I term it interesting and not dangerous because I see a lot more good in this world than the bad. So unlike the media who love to portray the bad primarily, I would like to talk about the good in the world. A good in the world for the last few years has been Open Source.

Now let us look at web browsers. They have been our gateways to Internet content. Of course, you need an ISP or a Wi-Fi connection to get to the Internet, but the browsers have been the main avenue to the rich content that is on it. Browsers such as Mozilla Firefox, Google Chrome and Opera have been very beneficial to the world, and all three of them take the security of their users very seriously.

Now let us talk about the value of Security Response to open source projects. Almost all major OSS foundations (Apache, JBoss, Linux etc) are backed by a proactive security response team who stay on top of vulnerabilities in their projects.

As the number of open source projects is on the rise, it is critical that you adopt an open source project that has an excellent security response team and that provides newer versions of the project with the fixes. The ball is also in your court to stay on top of newer releases. If you are unable to manage the patches or get onto newer versions of projects, then I strongly suggest that you adopt commercial versions of open source software such as the JBoss Platforms (EAP, SOA-P, EPP etc.) or Hadoop (Cloudera/MapR/HortonWorks), because these are backed by a security response team who will provide the necessary patches. Trust me, all software at all times will have at least one vulnerability. Software does not get created by magic but by humans, who are prone to mistakes.

For this reason, I feel that security response is a critical aspect of open source choice and adoption. For additional information, and to understand the role of open source in security, please visit Red Hat's Security Response page: http://www.redhat.com/security